From 48aab5c033230c82178a65e8c3b1a936255799e2 Mon Sep 17 00:00:00 2001
From: Lars Gebhardt-Kusche
Date: Mon, 1 Dec 2025 00:42:42 +0100
Subject: [PATCH] session

---
 api/v1/result/browser.quick.test.php | 159 +++++++++++++++------------
 config/fileload.php                  |  62 ++++------
 2 files changed, 112 insertions(+), 109 deletions(-)

diff --git a/api/v1/result/browser.quick.test.php b/api/v1/result/browser.quick.test.php
index 466f5c9..25f1e45 100644
--- a/api/v1/result/browser.quick.test.php
+++ b/api/v1/result/browser.quick.test.php
@@ -36,11 +36,29 @@ function browser_quick_test_handle_request(): array
     }
     // ---------------------------------------------------------------------
-    // 2. User / Session ermitteln
+    // 2. User / Session ermitteln (robuster)
     // ---------------------------------------------------------------------
-    $userId = $_SESSION['user_id'] ?? null; // abhängig von deiner Login-Implementierung
-    $isLoggedIn = $userId ? 1 : 0;
-    $sessionId = session_id() ?: null;
+    $userId = null;
+    $isLoggedIn = 0;
+
+    // Variante A: klassisch
+    if (!empty($_SESSION['user_id'])) {
+        $userId = (int)$_SESSION['user_id'];
+    }
+    // Variante B: User-Array in der Session (z.B. $_SESSION['user']['id'])
+    elseif (!empty($_SESSION['user']) && is_array($_SESSION['user']) && !empty($_SESSION['user']['id'])) {
+        $userId = (int)$_SESSION['user']['id'];
+    }
+    // Variante C: auth-Block (z.B. $_SESSION['auth']['user_id'])
+    elseif (!empty($_SESSION['auth']) && is_array($_SESSION['auth']) && !empty($_SESSION['auth']['user_id'])) {
+        $userId = (int)$_SESSION['auth']['user_id'];
+    }
+
+    if ($userId) {
+        $isLoggedIn = 1;
+    }
+
+    $sessionId = session_id() ?: null;
     $ipAddress = $_SERVER['REMOTE_ADDR'] ?? null;
     $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null;
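Review bot: The raw PHP session identifier is kept unchanged in `$sessionId` and written into the `web_quicktests` table in the next hunk, so anyone with read access to that table or a dump of it holds a live session token for the user; unless the column is needed to join back to the live session store, persist a one-way digest instead, `$sessionId = session_id() !== '' ? hash('sha256', session_id()) : null;`. The three `elseif` branches probe different session layouts and silently take the first that matches, which makes attribution depend on whichever login code happens to have run and records a logged-in user as anonymous when none of the three shapes fits; if the login implementation is known, a single helper reading one agreed key would be clearer. Note also that `!empty()` treats a user id of `0` or `'0'` as absent, which is presumably intended but worth a comment. browser_quick_test_handle_request continues outside the hunk on both sides.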
@@ -94,79 +112,78 @@ function browser_quick_test_handle_request(): array
     global $pdo;
     try {
-$sql = "
-    INSERT INTO web_quicktests (
-        user_id,
-        is_logged_in,
-        usb_device_id,
-        browser_name,
-        browser_version,
-        os_name,
-        os_version,
-        volume_label,
-        manufacturer,
-        model_name,
-        usb_type,
-        advertised_capacity_bytes,
-        measured_capacity_bytes,
-        capacity_status,
-        filesystem,
-        test_report_json,
-        ip_address,
-        session_id
-    )
-    VALUES (
-        :user_id,
-        :is_logged_in,
-        :usb_device_id,
-        :browser_name,
-        :browser_version,
-        :os_name,
-        :os_version,
-        :volume_label,
-        :manufacturer,
-        :model_name,
-        :usb_type,
-        :advertised_capacity_bytes,
-        :measured_capacity_bytes,
-        :capacity_status,
-        :filesystem,
-        :test_report_json,
-        :ip_address,
-        :session_id
-    )
-";
+        $sql = "
+            INSERT INTO web_quicktests (
+                user_id,
+                is_logged_in,
+                usb_device_id,
+                browser_name,
+                browser_version,
+                os_name,
+                os_version,
+                volume_label,
+                manufacturer,
+                model_name,
+                usb_type,
+                advertised_capacity_bytes,
+                measured_capacity_bytes,
+                capacity_status,
+                filesystem,
+                test_report_json,
+                ip_address,
+                session_id
+            )
+            VALUES (
+                :user_id,
+                :is_logged_in,
+                :usb_device_id,
+                :browser_name,
+                :browser_version,
+                :os_name,
+                :os_version,
+                :volume_label,
+                :manufacturer,
+                :model_name,
+                :usb_type,
+                :advertised_capacity_bytes,
+                :measured_capacity_bytes,
+                :capacity_status,
+                :filesystem,
+                :test_report_json,
+                :ip_address,
+                :session_id
+            )
+        ";
-$stmt = $pdo->prepare($sql);
-
-$stmt->execute([
-    'user_id' => $userId,
-    'is_logged_in' => $isLoggedIn,
-    'usb_device_id' => null,
-    'browser_name' => $browserName,
-    'browser_version' => $browserVersion,
-    'os_name' => $osName,
-    'os_version' => $osVersion,
-    'volume_label' => $volumeLabel,
-    'manufacturer' => $manufacturer,
-    'model_name' => $modelName,
-    'usb_type' => $usbType,
-    'advertised_capacity_bytes' => $advCapacityBytes,
-    'measured_capacity_bytes' => $measuredBytes ?: null,
-    'capacity_status' => $capacityStatus,
-    'filesystem' => $filesystem,
-    'test_report_json' => $testReportJson,
-    'ip_address' => $ipAddress,
-    'session_id' => $sessionId,
-]);
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([
+            'user_id' => $userId,
+            'is_logged_in' => $isLoggedIn,
+            'usb_device_id' => null,
+            'browser_name' => $browserName,
+            'browser_version' => $browserVersion,
+            'os_name' => $osName,
+            'os_version' => $osVersion,
+            'volume_label' => $volumeLabel,
+            'manufacturer' => $manufacturer,
+            'model_name' => $modelName,
+            'usb_type' => $usbType,
+            'advertised_capacity_bytes' => $advCapacityBytes,
+            'measured_capacity_bytes' => $measuredBytes ?: null,
+            'capacity_status' => $capacityStatus,
+            'filesystem' => $filesystem,
+            'test_report_json' => $testReportJson,
+            'ip_address' => $ipAddress,
+            'session_id' => $sessionId,
+        ]);
         $id = (int)$pdo->lastInsertId();
         return [
-            'ok' => true,
-            'id' => $id,
-            'mode' => $modeRequested,
+            'ok' => true,
+            'id' => $id,
+            'mode' => $modeRequested,
             'measured_bytes' => $measuredBytes ?: null,
         ];
     } catch (Throwable $e) {
diff --git a/config/fileload.php b/config/fileload.php
index 4fc3eae..a129fc1 100644
--- a/config/fileload.php
+++ b/config/fileload.php
@@ -4,61 +4,47 @@
 require_once __DIR__ . "/config.php";
 // -----------------------------------------------------------
-// Session starten (gemeinsam für Frontend + API)
+// Session starten (Frontend + API sollen dieselbe Session nutzen)
 // -----------------------------------------------------------
 if (php_sapi_name() !== 'cli') {
     if (session_status() === PHP_SESSION_NONE) {
-        // Host ermitteln
-        $host = $_SERVER['HTTP_HOST'] ?? '';
-
-        /**
-         * Ziel:
-         *   STAGING:
-         *     - staging.usbcheck.it
-         *     - api.staging.usbcheck.it
-         *     -> Cookie-Domain: .staging.usbcheck.it
-         *
-         *   PROD:
-         *     - usbcheck.it
-         *     - www.usbcheck.it
-         *     - api.usbcheck.it
-         *     -> Cookie-Domain: .usbcheck.it
-         *
-         *   LOKAL/SONSTIG:
-         *     - z.B. localhost, 127.0.0.1
-         *     -> Keine Domain setzen (Browser nimmt Host)
-         */
-        $cookieDomain = '';
-
-        if (preg_match('~\.staging\.usbcheck\.it$~', $host)) {
-            // alles unter *.staging.usbcheck.it
-            $cookieDomain = '.staging.usbcheck.it';
-        } elseif (preg_match('~(^|\.)(usbcheck\.it)$~', $host)) {
-            // usbcheck.it, www.usbcheck.it, api.usbcheck.it, ...
-            $cookieDomain = '.usbcheck.it';
-        } else {
-            // z.B. localhost → leer lassen
-            $cookieDomain = '';
-        }
-
-        // Einheitlicher Session-Name für alle usbcheck-Hosts
         session_name('usbcheck_session');
+        // Cookie-Domain dynamisch bestimmen
+        $cookieDomain = '';
+        if (!empty($_SERVER['HTTP_HOST'])) {
+            $host = $_SERVER['HTTP_HOST'];
+            // evtl. Port abschneiden
+            $host = preg_replace('/:\d+$/', '', $host);
+
+            // Für alle Subdomains von usbcheck.it dieselbe Session
+            if (preg_match('/\.?usbcheck\.it$/i', $host)) {
+                // wirkt für usbcheck.it, staging.usbcheck.it, api.staging.usbcheck.it, ...
+                $cookieDomain = '.usbcheck.it';
+            }
+
+            // Falls du später andere Projekte auch per Subdomain teilen willst,
+            // kannst du hier weitere Regeln ergänzen, z.B.:
+            // elseif (preg_match('/\.?kusche\.berlin$/i', $host)) {
+            //     $cookieDomain = '.kusche.berlin';
+            // }
+        }
+
         session_set_cookie_params([
             'lifetime' => 0,
             'path' => '/',
-            'domain' => $cookieDomain, // wichtig für gemeinsame Session über Subdomains
+            'domain' => $cookieDomain, // WICHTIG: jetzt ggf. .usbcheck.it
             'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
             'httponly' => true,
-            'samesite' => 'Lax', // reicht für gleiche Site (staging/api.*.usbcheck.it)
+            'samesite' => 'Lax',
         ]);
         session_start();
     }
 }
-require_once __DIR__ . '/i18n.php'; // zentrale Sprachlogik
+require_once __DIR__ . '/i18n.php'; // <— zentrale Sprachlogik
 // ab hier kannst du überall $GLOBALS['lang'] und $GLOBALS['availableLangs'] nutzen
 // und für JS:
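Review bot: The single new rule maps every host ending in `usbcheck.it`, including `staging.usbcheck.it` and `api.staging.usbcheck.it`, to the cookie domain `.usbcheck.it`, so with the shared name `usbcheck_session` the staging and production environments now receive and overwrite each other's session cookie; the removed branch kept staging on `.staging.usbcheck.it` precisely to avoid this. If the two environments share a session backend, a session established on staging becomes valid on production; if they do not, users bounce between environments and are logged out whenever the other one sets the cookie. The pattern `/\.?usbcheck\.it$/i` is also looser than the old `(^|\.)usbcheck\.it$`: the optional dot lets any client-supplied `HTTP_HOST` that merely ends in `usbcheck.it` match, so anchor on a label boundary as below. The commented-out `kusche.berlin` example is dead code and would be better removed than kept as a template. Both `if` blocks start and end inside the hunk.
```php
            // Staging keeps its own cookie scope so staging and production sessions never overlap
            if (preg_match('/(^|\.)staging\.usbcheck\.it$/i', $host)) {
                $cookieDomain = '.staging.usbcheck.it';
            } elseif (preg_match('/(^|\.)usbcheck\.it$/i', $host)) {
                $cookieDomain = '.usbcheck.it';
            }
        }
        // … unchanged: session_set_cookie_params([...]) and session_start() …
```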